cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
314
Views
0
Helpful
1
Replies

Please review/help WPA config

ttoney
Beginner
Beginner

It seems to be setup ok for 802.1x with WEP re-keying but we are not being assigned an IP address after connection is established. We have confirmed EAP-TLS works through our Radius box using a different AP, the Linksys WRT54G so it seems to be a configuration issue.

We need to setup:

802.1x with WEP Re-keying

802.1x with MD5 authentication. (We have the Radius remote access policy setup for this.)

WPA with 802.1X authentication, 802.1X re-keying

Cisco1200ap#show running-config

Building configuration...

Current configuration : 2390 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Cisco1200ap

!

enable secret 5

!

username xxxx password xxxx

ip subnet-zero

ip domain name bbn.com

ip name-server 192.168.2.200

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7

xxxxx transmit-key

encryption key 2 size 128bit 7

xxxxxxxx

encryption key 3 size 128bit 7

xxxxxx

encryption key 4 size 128bit 7

xxxxxx

encryption mode ciphers wep128

!

broadcast-key change 60

!

!

ssid tsunami

authentication open

authentication shared

guest-mode

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

rts threshold 2312

station-role root

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.2.3 255.255.255.0

no ip route-cache

!

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

ip radius source-interface BVI1

radius-server local

nas 192.168.2.200 key 7 02040655

!

radius-server host 192.168.2.200 auth-port 1812 acct-port 1646 key 7 xxxxxxxx

radius-server attribute 32 include-in-access-req format %h

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

bridge 1 route ip

1 REPLY 1

Not applicable
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: